Skip to content

Commit d283b70

Browse files
feat: adding restriction to claude calls
Hardens the claude PR review workflow against unauthorized invocation. Ticket: DX-1244
1 parent 8bc40d5 commit d283b70

1 file changed

Lines changed: 8 additions & 3 deletions

File tree

.github/workflows/claude-pr.yml

Lines changed: 8 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -15,9 +15,14 @@ on:
1515
jobs:
1616
claude-pr:
1717
if: |
18-
(github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
19-
(github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
20-
(github.event_name == 'issues' && contains(github.event.issue.body, '@claude'))
18+
(
19+
(github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
20+
(github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
21+
(github.event_name == 'issues' && contains(github.event.issue.body, '@claude'))
22+
) && (
23+
github.event.comment.author_association == 'OWNER' ||
24+
github.event.comment.author_association == 'MEMBER'
25+
)
2126
runs-on: ubuntu-latest
2227
env:
2328
AWS_REGION: us-west-2

0 commit comments

Comments
 (0)